Google’s Play Store will be less transparent about its app licensing system

3

Google wants to change the way its Play Store works to give developers more context on how their apps are used. But it also happens at the expense of some transparency.

Google is taking a strange step back in terms of personal data protection. As of July 20, the information displayed in the Play Store for each application will no longer be as complete as before, or at least may not be as complete as before. As Ars Technica noted, a change that has been gradually implemented since April last year will automatically stop specifying the permissions required by each application that you are likely to download.

Google relies on good faith

Until now, every application listed in the Play Store has been automatically scanned by Google to establish a list of necessary permissions for the operation (geolocation, access to files, SMS, etc.). The list of permissions requested by the app was then listed on its file. From July 20, Google will completely switch to a system based on the good faith of development teams. Each developer will complete the list of permissions manually and briefly explain why this permission has been requested.

According to Google, this change in method is intended “Help users understand what data is collected or shared by your app, and outline your app’s most important security and privacy practices.“The automated list generated by Google was actually not necessarily very clear as it did not provide any context specifying why an application could request certain permissions. On this, the development teams will be more exhaustive.

Advertising, your content continues below

Illustration Play Store Permits

The new layout of permissions in the Play Store –

© Google

However, the automatic scanning method had the advantage that it was perfectly transparent. If an app configuration file indicated that it needed geolocation access, this permission was automatically specified. From now on, this will be done according to a declarative model. The risk of a developer “forgetting” to indicate an authorization is therefore not zero, although Google apparently states that if such a practice is noticed, the company may “be required to take appropriate measures, including sanctions.

No secret data mining

Let us be very clear on one point: This does not mean that an application will be able to access your GPS location or your text messages without asking you. Once the software is installed, it should still ask you before you can access your personal data, just like before. This simply means that the presentation cards in the Play Store will no longer necessarily be as transparent as before, where a robot made sure to list all the authorizations potentially required. It will now be necessary to trust the description from the creators and creators of applications.

Play Store will continue to scan apps for required permissions, but will no longer show them to users. That way, the Play Store gets closer to the iOS App Store, which also relies on development teams’ good faith for their “privacy tags.” A solution that combines automatic registration and human contextualization would have been preferable given Google’s reputation for Play Store security.

Advertising, your content continues below

Advertising, your content continues below

Leave a Comment